Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Researchers Reveal Workaround for Apple’s USB Restricted Mode

Researchers released a workaround for Apple’s USB Restricted Mode security feature the same day it was rolled out.

Just as Apple rolled out its new USB Restricted Mode security feature in an OS update, Monday, researchers said that they have already found a workaround.

USB Restricted Mode, released as part of iOS 11.4.1, had removed an iPhone USB access feature, so that an hour after the iPhone has been locked, the phone’s Lightning port (its charging and data port) will automatically lock.

However, researchers at ElcomSoft said that connecting an iPhone to a Lightning accessory – or even an untrusted USB accessory – will reset the USB Restricted Mode countdown timer, as long as the iPhone has still not entered USB Restricted Mode.

“The ability to postpone USB Restricted Mode by connecting the iPhone to an untrusted USB accessory is probably nothing more than an oversight,” Oleg Afonin, researcher with ElcomSoft, said in a post. “We don’t know if this behavior is here to stay, or if Apple will change it in near future. According to our tests, both iOS 11.4.1 and iOS 12 beta 2 exhibit similar behavior; however, this can change in subsequent versions of iOS.”

Apple has not yet responded to a request for comment from Threatpost on the new report.

In order to work around the USB Restricted Mode, Afonin said that he connected an iPhone to a compatible Lightning accessory – in his case Apple’s Lightning to USB 3 Camera Adapter.

After plugging an external battery pack to the adapter to avoid iPhone battery drain, he then placed the iPhone in a Faraday bag – or an enclosure used to block electromagnetic fields.

There are drawbacks to Afonin’s method. He said that some adapters, including the Apple Lightning to 3.5mm jack adapter, do not work to defeat USB restrictions. And, if the iPhone has already entered USB Restricted Mode, the trick ultimately does not work: “If you get a message that the device should be unlocked in order to use the accessory (when you connect it), then USB restricted mode has been activated already, and there is nothing you can do about that, sorry,” he said.

The USB Restricted Mode feature was welcomed by privacy and security advocates because it blocked off several devices – some used by federal law enforcement agencies – that have been designed to hack into iPhones via the Lightning port.

Afonin said the newly-discovered trick could help law enforcement in some cases. “In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour,” he said.

One such device, called the GrayKey box, has been known to unlock iPhones using the Lightning port to install software that cracks the passcode of an iOS device. Reports have found that several federal agencies – such as the FBI – have used the device, made by a company called Grayshift, to unlock up-to-date iPhones.

Grayshift has claimed that it found a workaround to Apple’s solution, according to a report by Motherboard in June.

However, Afonin stressed that regardless of any workaround, the USB Restricted Mode means that devices such as GrayKey and others are now “limited to slow recovery rates.”

“At this point, these are nothing more than just rumors; the company’s official policy is never issuing comments about pre-release software,” he said. “Either way, since iOS 11.4, the speed of GrayKey (and probably its competitors) is limited to slow recovery rates of one passcode in 10 minutes. While this allows breaking 4-digit passcodes in reasonable time (about two months worst-case scenario), 6-digit passcodes already make little sense to attack unless one has a custom dictionary, and 6 digits is the default length for the passcode suggested by iOS.”

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.